Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 513

and the signed data across the network. The server validates the signature and confirms the validity
of the certificate.
B.4.2.1. Password-Based Authentication
Figure B.4, "Using a Password to Authenticate a Client to a Server"
authenticating a user using a username and password. This example assumes the following:
• The user has already trusted the server, either without authentication or on the basis of server
authentication over SSL.
• The user has requested a resource controlled by the server.
• The server requires client authentication before permitting access to the requested resource.
Figure B.4. Using a Password to Authenticate a Client to a Server
These are the steps in this authentication process:
1. When the server requests authentication from the client, the client displays a dialog box requesting
the username and password for that server.
2. The client sends the name and password across the network, either in plain text or over an
encrypted SSL connection.
3. The server looks up the name and password in its local password database and, if they match,
accepts them as evidence authenticating the user's identity.
4. The server determines whether the identified user is permitted to access the requested resource
and, if so, allows the client to access it.
With this arrangement, the user must supply a new password for each server accessed, and the
administrator must keep track of the name and password for each user.
B.4.2.2. Certificate-Based Authentication
One of the advantages of certificate-based authentication is that it can be used to replace the first
three steps in authentication with a mechanism that allows the user to supply one password, which is
Authentication Confirms an Identity
shows the process of
491